Search results

  • ISO 9001 document requirements for a repair shop


    Thank you for any help you can offer.

    Answer:

    The requirements for document and records are the same regardless of the size of the company, but this new version of ISO 9001 allows you to decrease the amount of documentation. There are no requirements for SOPs and WI, so you can decide by yourself what SOP and WIs are worth documenting. I would suggest you to document them only for activities and processes that are complex and have higher chances of nonconformities. The more competent employees you have, the less documents you need.

    For more information, see: Deciding Which Procedures to Document in QMS https://advisera.com/9001academy/blog/2013/11/26/deciding-procedures-document-qms/
  • Making simple EMS system


    Answer:

    The essence of the EMS (Environmental Management System) is control of significant environmental aspects. In order to control them you need to identify them first and distinguish significant and insignificant environmental aspects by applying some criteria for evaluation. Once you determine significant environmental aspects, you need to establish operational controls and monitor their effectiveness.

    When you have operational control established, you can later add other requirements of the standard and have entire EMS compliant with the standard, but for the beginning, this can do the trick.

    For more information, see: Defining and implementing operational control in ISO 14001:2015 https://advisera.com/14001academy/blog/2016/04/11/defining-and-implementing-operational-control-in-iso-140012015/140012015/
  • Learning ISO 27001:2013 from scratch


    Answer: The best would be to start with this free online training ISO 27001 Internal Auditor Course https://advisera.com/training/iso-27001-internal-auditor-course/ - there you will learn the basics of ISO 27001:2013, as well as the auditing techniques.
  • Assets analysis


    Answer: For ISO 27001 all assets are valued regarding the impact of loss of confidentiality, integrity and availability of the information. Such valuation is performed during the risk assessment process.

    So when you think about General Manager you have to think about the potential impact if the confidentiality, integrity or availability of the information the manager needs to perform his function, or creates and provides as result of his work, is endangered.

    2. For Software Asset dependency, it goes the same?

    Answer: Yes, you can have the same approach: the potential impact on information the software needs to perform its function or, on the other way, the impact on information the software creates and makes available to organization.

    This article will provide you further explanation about asset management:
    - How to handle Asset register (Asset inventory) according to ISO 27001 https://advisera.com/27001academy/knowledgebase/how-to-handle-asset-register-asset-inventory-according-to-iso-27001/
    - ISO 27001 risk assessment: How to match assets, threats and vulnerabilities https://advisera.com/27001academy/knowledgebase/iso-27001-risk-assessment-how-to-match-assets-threats-and-vulnerabilities/

    These materials will also help you regarding asset management and risk assessment:
    - Book Secure & Simple: A Small-Business Guide to Implementing ISO 27001 On Your Own https://advisera.com/books/secure-and-simple-a-small-business-guide-to-implementing-iso-27001-on-your-own/
    - Free online training ISO 27001 Foundations Course https://advisera.com/training/iso-27001-foundations-course/
  • Emergency release

    Answer: Change Management is (as its name implies) - only a management process. It doesn't implement anything (physically). Namely, Change Management uses Release and Deployment Management process to implement changes. That's, also, true for Emergency Changes. So, Emergency releases are related to Emergency changes (rather than to declare them as being the same thing). This article explains Emergency Changes: "How to manage Emergency Changes as part of ITIL Change Management"
  • Defects and reworks


    Answer:

    In any case you need to enable traceability of the part, which means if you closed the DR (Discrepancy Report), it must contain information on what further steps will be taken with the product, in this case rework. Even when the rework doesn't fix the defect, the company can decide to re-purpose the product or deliver it to the customer under concession.

    I assume that the rework procedure includes the quality check and if the product is still not meeting the requirements and cannot be sent to the customer, the only way to handle it is to declare it nonconforming product and disposition it accordingly.

    But, in any case, you need to maintain traceability of the part in all processing stages until delivery to the customer or disposition as a nonconforming product.

    For more information, see: Understanding dispositions for ISO 9001 nonconforming product https://advisera.com/9001academy/blog/2014/11/18/understanding-dispositions-iso-9001-nonconforming-product/
  • Risk management tools


    Answer: Since we work with ISO standards, we do not suggest specific solutions to be implemented (each organization is unique in its needs and any suggested software may not be the most proper choice without a detailed evaluation), but we can suggest market recognized players in this industry you can consult:
    - https://www.computerweekly.com/feature/Risk-Management-Software-Essential-Guide

    Additionally I can suggest you this material to help perform a structured evaluation: Quantitative Methods for Software Selection and Evaluation ftp://ftp.cert.org/public/documents/06.reports/pdf/06tn026.pdf
    This article will provide you further explanation about tools for ISO 27001 and ISO 22301:
    - When to use tools for ISO 27001/ISO 22301 and when to avoid them https://advisera.com/conformio/blog/2021/06/24/toolkit-vs-conformio-which-is-more-applicable-for-my-company/
  • Succession plan


    Answer: You can consider a succession plan as a business continuity strategy to act in a preventive manner to minimize disruptions and impacts regarding the loss of a key person in your organization (e.g., CEO, lead researcher, etc.). A properly developed succession plan can ensure the continuity of authority, decision-making, and communication regarding the function performed by the unavailable person.

    Unfortunately we do not have a specific template for a succession plan/strategy, but you can consider this process as part of a career planning, with activities related to the analyzing of jobs and people to ensure that there is a pool of experienced and capable personnel who can step into positions as they become available, either because of planned availability, as people get promoted or retire, or because of unplanned vacancies. Considering this, I suggest you to take a look at the free demo of our:
    - Training and Awareness Plan: https://advisera.com/27001academy/documentation/training-and-awareness-plan/
    - Business Continuity Strategy https://advisera.com/27001academy/documentation/business-continuity-strategy/

    to check if it can fulfil your needs. You just have to scroll down the screen a little to find the free demo tab.

    This article will provide you further explanation about business continuity strategy:
    - Can business continuity strategy save your money? https://advisera.com/27001academy/blog/2010/03/15/can-business-continuity-strategy-save-your-money/

    These materials will also help you regarding Succession plan:
    - Book Becoming Resilient: The Definitive Guide to ISO 22301 Implementation https://advisera.com/books/becoming-resilient-the-definitive-guide-to-iso-22301-implementation/
    - Developing the business continuity strategy according to ISO 22301 [free webinar on demand] https://advisera.com/27001academy/webinar/developing-the-business-continuity-strategy-according-to-iso-22301-free-webinar-on-demand/
  • Exclusions in ISO 9001:2015


    I am currently sited in Singapore which acts as the production HQ for five shoes factories based in Asia and Europe. I am trying to redraft the quality manual (currently based on 2008 ver) to conform to ISO:9001:2015. I hope to know if below requirements are justified to be excluded from the quality manual.

    For 8.2 & 8.3, the justifications for exclusion are due to these processes are owned by R&D function sitting in Denmark thus my site has no control over it. For 8.5.3, we don't own any customer and external provider's properties in the factories today.

    8.2 Requirements for products and service
    8.3 Design and development
    8.5.3 Property belonging to customer or external providers

    Are these exclusions acceptable? Appreciate your insights.

    Answer:

    It is hard to conclude from your question whether the R&D function is part of your QMS scope or not. If yes, then it is impossible to exclude clause 8.3. If not, you need to define your relationship with the R&D section, they can be considered as your external provider, so you only need to define controls of external provider and can exclude the clause 8.3.

    When it comes to clause 8.2, it is not clear how this is related to R&D since these requirements are related mainly to sales process and this can hardly be excluded in your case. The clause includes identification of product requirements and review of product requirements so it is rather hard to exclude it. Justification for the exclusion can be that you only work for one customer and even in that case it is stretched. I would suggest you to keep these requirements within your QMS although I cannot say with 100% certainty since I do not have all information.

    As far as clause 8.5.3 is concerned, your justification is OK, and you can exclude these requirements from your QMS.

    To read more about exclusions in ISO 9001:2015, see: What clauses can be excluded in ISO 9001:2015? https://advisera.com/9001academy/blog/2015/07/07/what-clauses-can-be-excluded-in-iso-90012015/2015/
  • Quality Manual in ISO 9001:2015


    Answer:

    New version of the standard doesn't require the manual, so you can write it any way you want. If it is requirement of the supplier, you can ask them what elements should the manual contain.

    For example, in most cases the manual follows the structure of the standard and one of my clients had a supplier audit where they found as "nonconformity" that the manual only covers clauses but not sub-clauses of the standard, but this is minor issue and I'm sure even in such cases it wouldn't be a problem.

    Here is one article that can be interesting to you: The future of the Quality Manual in ISO 9001:2015 https://advisera.com/9001academy/knowledgebase/the-future-of-the-quality-manual-in-iso-90012015/